[TLS] Re: Public side meetings on identity crisis in attested TLS for Confidential Computing
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 26 March 2025 11:35 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 41FF4128BEFB; Wed, 26 Mar 2025 04:35:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Erdg5oSBjAx; Wed, 26 Mar 2025 04:35:47 -0700 (PDT)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 33371128BEEF; Wed, 26 Mar 2025 04:35:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:References:CC:To:From :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=dUDznMYYt756xnZ6pj1bUccXgG5a0d6lTOKGSQS/Kao=; b=CQGflPQIKJvYFgb0ldx3MukBHB Kg/pAFizNdAdzomnf1Dyng5/m8oy2NONnJVPG7wGHi62La5kZ+ttdVyMgqdGqeGlsFGnzNAqvjv+G g3dAWevTbMm9yxslF7HuPyQWMQlzGmWDQMx+kONyDl+oN5GlUXKZG6doQ/m0RnTnfxyV9Tst9jQiB zZXA7RWCYniAy1UwMjvqwM4yaa8O+F8d0Ip9MeiDFRHW8XPFexyAOlXjnISgBgZsK0xLW7SvFF3Q3 4LYU6KdzDLjBueB/9ygG7fkU/0CN4YVL9uzXrhSTvqK4Fc+QimpjV9Hf4F/pQgaWzO5WmSgZ9vzqT NAUdX6VA==;
Received: from [172.26.35.139] (helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1txP2u-009g3E-Aa; Wed, 26 Mar 2025 12:35:45 +0100
Received: from [10.12.5.228] (81.201.156.93) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Wed, 26 Mar 2025 12:35:38 +0100
Message-ID: <ffe236bc-c62c-4a03-a7e4-b9b0438b046b@tu-dresden.de>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
To: "TLS@ietf.org" <tls@ietf.org>, "rats@ietf.org" <rats@ietf.org>, wimse@ietf.org
References: <289e5201-d318-4cfd-b465-a12047092451@tu-dresden.de>
Content-Language: en-US
In-Reply-To: <289e5201-d318-4cfd-b465-a12047092451@tu-dresden.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms050705070303010809050702"
X-ClientProxiedBy: MSX-L415.msx.ad.zih.tu-dresden.de (172.26.34.135) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Hits: max-size
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; news-moderation; no-subject; digests; suspicious-header
Message-ID-Hash: TP6DH76EZ2TSFJ7AKJJPPRQAFLWNLVZY
X-Message-ID-Hash: TP6DH76EZ2TSFJ7AKJJPPRQAFLWNLVZY
X-Mailman-Approved-At: Thu, 27 Mar 2025 07:47:18 -0700
CC: 122attendees@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Public side meetings on identity crisis in attested TLS for Confidential Computing
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XXF7IZLTf7YovmIOULgu7pCMQkM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Date: Wed, 26 Mar 2025 11:35:49 -0000
X-Original-Date: Wed, 26 Mar 2025 12:35:36 +0100
Highly appreciate active participation and insightful discussions during
the public side meetings and the whole week in general.
Some folks requested slides for side meetings, so here they are:
* First side meeting
o My slides can be downloaded from archive [1].
* Second side meeting
o My slides are the same as presented at TLS WG [2].
o Pavel's slides [3]
o Jun's slides are attached.
The editors of draft-fossati-tls-exported-attestation meet every Monday
at 10 am CET. Anyone interested in solving the identity crisis is very
welcome to join:
https://armltd.zoom.us/j/95916189802?pwd=5V7xCcBIo7VnDaKKW9bzgLCcaaGglt.1&from=addon
Meeting ID: 959 1618 9802
Passcode: 542365
Kind regards,
Usama
[1]
https://www.researchgate.net/publication/390121641_Presentation_Attested_TLS_Fundamentals
[2]
https://datatracker.ietf.org/meeting/122/materials/slides-122-tls-identity-crisis-00
[3]
https://docs.google.com/presentation/d/1zbbmEoIpkUmX5RrOrZY9yd8XZ5Z2uo_CzfExu93NK1Q/
On 06.03.25 10:14, Muhammad Usama Sardar wrote:
>
> (Note for TLS WG only: announcing with approval of chairs [0])
>
> Hi all,
>
> *TL;DR*: There will be a couple of /public side meetings/ on attested
> TLS. For organizational purposes (e.g., to ask for a bigger room
> [current room capacity: 20]), if you are interested in presenting or
> attending /in-person/, please drop me a short email. Since some of the
> attested TLS team members will be remote (and in Europe), we have
> selected a time slot suitable for them. But if you are really
> interested and this time does not work for you, please let me know and
> we will seek alternatives. Also see call for presentations below.
>
> Date: 17th March (Monday) and 19th March (Wednesday)
>
> Time: Both meetings at 15:00 - 17:00
>
> Room: Meeting Room 3
>
> Relevant for:
>
> * *RATS*: Design space to inject remote attestation into transport
> protocols; and related security considerations
> * *TLS*: Extension of TLS with remote attestation
> * *WIMSE*: Identity crisis in confidential computing
>
> No prior knowledge is assumed but knowledge of TLS will be helpful.
>
> The current agenda is based on joint works with Arto Niemi, Hannes
> Tschofenig, Thomas Fossati, Simon Frost, Ned Smith, Mariam Moustafa,
> Tuomas Aura, Yaron Sheffer, Ionut Mihalcea and Jean-Marie Jacquet.
>
> *Draft agenda for first side meeting*:
>
> The first side meeting aims to bring everyone on the same page for
> discussion of the open questions in the second side meeting. We plan
> to cover the following topics (subject to changes dependent on the
> interest and background of attendees):
>
> * Network Security (TLS: RFC8446bis [1])
> o Without client authentication
> o With client authentication
> * Endpoint Security (Remote Attestation (RA): including RFC9334 and
> RFC9683)
> o Disambiguate attestation and authentication
> * Attested TLS (RA || TLS) including [4] and [5]
> o Design Options
> + Pre-handshake attestation
> + Intra-handshake attestation
> + Post-handshake attestation
> o Protocols
> + Server as Attester
> + Client as Attester
>
> *Draft agenda and call for presentations for second side meeting*:
>
> * Technical details of impersonation attacks [6]
> o Attack1 in [6]
> o Attack2 in [6]
> * Proposed solution (Recommendation [6])
> * Discussion of open questions [6]
> * Other relevant open questions
>
> We aim to scope the side meetings to Confidential Computing and
> welcome presentations around the theme of attacks mentioned here [6]
> within this scope. If interested, please send me your topic and time
> estimate until 10th March.
>
> Additional readings:
>
> * Attested TLS [7]
> * Attestation in Arm CCA and Intel TDX [8]
>
>
> We look forward to your perspectives and discussions during the side
> meetings!
>
>
> Kind regards,
>
> Usama
>
>
> [0] https://mailarchive.ietf.org/arch/msg/tls/RHyArzvEJHimDi49b2bboPAUW_c/
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/
>
> [2] https://datatracker.ietf.org/doc/rfc9334/
>
> [3] https://datatracker.ietf.org/doc/rfc9683/
>
> [4] https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/
>
> [5]
> https://datatracker.ietf.org/doc/draft-fossati-tls-exported-attestation/
>
> [6] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/
>
> [7] https://ieeexplore.ieee.org/document/10752524
>
> [8] https://ieeexplore.ieee.org/document/10373038
>
- [TLS] Public side meetings on identity crisis in … Muhammad Usama Sardar
- [TLS] Re: [Wimse] Public side meetings on identit… John Kemp
- [TLS] Re: [Wimse] Public side meetings on identit… Muhammad Usama Sardar
- [TLS] Re: Public side meetings on identity crisis… Muhammad Usama Sardar
- [TLS] Re: Public side meetings on identity crisis… Muhammad Usama Sardar